Jenkins vulnerable to Cross-site Scripting

GHSA-826f-32qm-vm3j · CVE-2013-2033

Published May 14, 2022 · Modified Dec 4, 2024

Description

Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with write permission to inject arbitrary web script or HTML via unspecified vectors.

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2013-2033
WEB https://access.redhat.com/errata/RHEA-2013:1032
WEB https://access.redhat.com/security/cve/CVE-2013-2033
WEB https://bugzilla.redhat.com/show_bug.cgi?id=958957
WEB https://exchange.xforce.ibmcloud.com/vulnerabilities/84004
WEB https://issues.jenkins-ci.org/browse/SECURITY-67
WEB https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-05-02
WEB http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb

Ready to move

Start Securing

Start for Free Get Demo

Free, no credit card | First findings in minutes